From bf3b2023083b69da4adad7c4642dbc880f39a234 Mon Sep 17 00:00:00 2001
From: DeveloperDurp
Date: Sat, 10 May 2025 07:15:05 -0500
Subject: [PATCH] update

---
 dmz/crowdsec/Chart.yaml | 11 +++++++++++
 dmz/crowdsec/templates/secrets.yaml | 29 ++++++++++++++++++++++++++++
 dmz/crowdsec/values.yaml | 24 +++++++++++++++++++++++
 infra/argocd/templates/crowdsec.yaml | 20 +++++++++++++++++++
 4 files changed, 84 insertions(+)
 create mode 100644 dmz/crowdsec/Chart.yaml
 create mode 100644 dmz/crowdsec/templates/secrets.yaml
 create mode 100644 dmz/crowdsec/values.yaml
 create mode 100644 infra/argocd/templates/crowdsec.yaml

diff --git a/dmz/crowdsec/Chart.yaml b/dmz/crowdsec/Chart.yaml
new file mode 100644
index 0000000..84cbb77
--- /dev/null
+++ b/dmz/crowdsec/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: crowdsec
+description: A Helm chart for Kubernetes
+type: application
+version: 0.0.1
+appVersion: 0.0.1
+
+dependencies:
+ - name: crowdsec
+ repository: https://crowdsecurity.github.io/helm-charts
+ version: 0.19.2
diff --git a/dmz/crowdsec/templates/secrets.yaml b/dmz/crowdsec/templates/secrets.yaml
new file mode 100644
index 0000000..7eff904
--- /dev/null
+++ b/dmz/crowdsec/templates/secrets.yaml
@@ -0,0 +1,29 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: enroll-key
+spec:
+ secretStoreRef:
+ name: vault
+ kind: ClusterSecretStore
+ target:
+ name: enroll-key
+ data:
+ - secretKey: ENROLL_INSTANCE_NAME
+ remoteRef:
+ key: kv/crowdsec/dmz-enroll
+ property: ENROLL_INSTANCE_NAME
+ - secretKey: ENROLL_KEY
+ remoteRef:
+ key: kv/crowdsec/dmz-enroll
+ property: ENROLL_KEY
+ - secretKey: ENROLL_TAGS
+ remoteRef:
+ key: kv/crowdsec/dmz-enroll
+ property: ENROLL_TAGS
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: vault
diff --git a/dmz/crowdsec/values.yaml b/dmz/crowdsec/values.yaml
new file mode 100644
index 0000000..059a2c3
--- /dev/null
+++ b/dmz/crowdsec/values.yaml
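Review bot: `description: A Helm chart for Kubernetes` is the `helm create` placeholder and tells a reader nothing about what this wrapper chart is for; replace it with something like `description: Wrapper chart deploying the upstream crowdsec chart into the dmz cluster, with enrollment secrets sourced from Vault`. The upstream dependency is pinned only by `version: 0.19.2` and no Chart.lock appears in the diffstat; even with a lock file, Helm records a digest of the dependency list rather than of the fetched archive, so what is pulled from crowdsecurity.github.io at sync time is trusted on the strength of HTTPS alone. If that is not acceptable for a DMZ cluster, vendor the chart archive under `charts/` or serve it from the same private mirror used for the container image, and say which in a comment above `dependencies:`.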
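Review bot: The `ServiceAccount` named `vault` at the end of the file carries no annotations and nothing else in this patch references it, so its purpose is only inferable; presumably it is the identity the `vault` ClusterSecretStore authenticates with (a `serviceAccountRef` into this namespace), and a comment such as `# Identity used by the "vault" ClusterSecretStore for Kubernetes auth; no pod runs as it` would make that explicit. If that is its role, add `automountServiceAccountToken: false` under the ServiceAccount, since ESO obtains tokens for the referenced account through the TokenRequest API and no workload should be able to pick up this identity from a mounted token. The ExternalSecret also sets no `refreshInterval`, so a rotated `ENROLL_KEY` in Vault reaches the cluster only on the operator's default schedule (roughly hourly, if I recall the default correctly); stating `refreshInterval: 1h` explicitly documents the rotation latency you are accepting. The `ENROLL_*` secretKey names are consumed as environment variable names via `envFrom`, so a comment noting that they must match what the crowdsec entrypoint reads would help the next person who renames one.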
@@ -0,0 +1,24 @@
+crowdsec:
+ #
+ image:
+ repository: registry.durp.info/crowdsecurity/crowdsec
+ pullPolicy: always
+
+ # for raw logs format: json or cri (docker|containerd)
+ container_runtime: containerd
+ agent:
+ # Specify each pod whose logs you want to process
+ acquisition:
+ # The namespace where the pod is located
+ - namespace: traefik
+ # The pod name
+ podName: traefik-*
+ # as in crowdsec configuration, we need to specify the program name to find a matching parser
+ program: traefik
+ env:
+ - name: COLLECTIONS
+ value: "crowdsecurity/traefik"
+ lapi:
+ envFrom:
+ - secretRef:
+ name: enroll-key
diff --git a/infra/argocd/templates/crowdsec.yaml b/infra/argocd/templates/crowdsec.yaml
new file mode 100644
index 0000000..1a2c2b5
--- /dev/null
+++ b/infra/argocd/templates/crowdsec.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: crowdsec
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: https://gitlab.com/developerdurp/homelab.git
+ targetRevision: main
+ path: dmz/crowdsec
+ destination:
+ namespace: crowdsec
+ name: dmz
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
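Review bot: `pullPolicy: always` will be rejected by the API server once the upstream chart renders it into `imagePullPolicy`, because that field is a case-sensitive enum of `Always`, `IfNotPresent` and `Never`; change it to `pullPolicy: Always` (or `IfNotPresent`). The `image.repository` override points at a private registry but sets no `tag` or digest, so whichever tag the upstream chart defaults to is what gets pulled, and with `Always` every pod restart re-resolves that tag against `registry.durp.info`; pinning `tag:` to a specific crowdsec release, or better an `@sha256:` digest, makes the DMZ deployment reproducible and reviewable. The bare `#` line directly under `crowdsec:` is an empty comment and should either be removed or say what the block overrides, e.g. `# Overrides for the upstream crowdsec subchart (image, agent acquisition, LAPI enrollment)`.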
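Review bot: `project: default` places this Application in Argo CD's unrestricted default AppProject, which permits any source repository, any destination cluster or namespace, and any cluster-scoped resource kind; with `prune: true` and `selfHeal: true` targeting the `dmz` cluster, a write to this Git path becomes whatever privilege Argo's `dmz` cluster credential holds, typically cluster-admin. Create a dedicated AppProject whose `sourceRepos` lists only `https://gitlab.com/developerdurp/homelab.git`, whose `destinations` is limited to `name: dmz` / `namespace: crowdsec`, and whose `clusterResourceWhitelist` allows only `Namespace` (needed because of `CreateNamespace=true`), then reference it here as `project: dmz`. `targetRevision: main` tracks a moving branch, which is normal for GitOps but makes branch protection on `main` part of the security boundary; a one-line comment above `source:` noting that is worth adding.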